  Ten Security Checks for PHP, Part 2
Subject:   Avoid Loose Typing Intricacies - fix
Date:   2003-04-07 23:32:18
From:   ljweb
Rather than the
if ($user_id < 0 || $user_id > 2 || !isset($user_id)) {
line, I would advise the use of
if (is_int($user_id) && isset($users[$user_id])) {

The reason is that however small or large a user table may be, there will always be someone dropping out from time to time, leaving empty slots in the list. Checking for greater-than/less-than is then not optimal and will produce yet another security flaw, as the subject of this very article states. Using "login names" rather than a number would remove this problem at the same time.

I know the code produced is not intended for a production site (or I hope so), but the examples provided should rate as code worth copying and following.

/ Lars
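The two checks side by side, as an added example that is not part of the original article or of Lars's comment. The `$users` table is constructed here with a gap at id 1 (a removed account) so that the difference shows; the `normaliseId` helper and the `FILTER_VALIDATE_INT` step are my addition, covering the practical caveat that ids arriving through `$_GET`/`$_POST` are strings, for which `is_int()` returns false until the value is validated and converted.

```php
<?php
// Added example, not code from the original article or the comment.
// Constructed sample user table: id 1 was deleted, leaving a gap.
$users = [
    0 => 'alice',
    2 => 'carol',
];

// Range check as quoted in the comment: accepts any value in 0..2,
// including id 1, which no longer exists in $users.
function validRange($user_id): bool {
    return !($user_id < 0 || $user_id > 2 || !isset($user_id));
}

// Check proposed in the comment: the value must be a real integer
// and must actually be a key of the user table.
function validLookup($user_id, array $users): bool {
    return is_int($user_id) && isset($users[$user_id]);
}

// Caveat (assumption: ids come in as request strings). is_int('2') is
// false, so validate and convert first; FILTER_VALIDATE_INT returns an
// int on success and false for anything that is not a plain integer.
function normaliseId($raw) {
    return filter_var($raw, FILTER_VALIDATE_INT);
}

// Constructed candidates: valid ids, the deleted id, out-of-range ids,
// a numeric string and two non-integer strings.
$candidates = [0, 1, 2, 3, -1, '2', '1e1', 'abc'];
foreach ($candidates as $raw) {
    $id = normaliseId($raw);
    printf("%-6s range=%-3s lookup=%s\n",
        var_export($raw, true),
        validRange($raw) ? 'ok' : 'no',
        ($id !== false && validLookup($id, $users)) ? 'ok' : 'no');
}
```

Run with `php example.php`. The range check reports id 1 as acceptable even though `$users[1]` does not exist, which is the flaw the comment points at; the lookup check rejects it because `isset($users[1])` is false. Whether the range check accepts a string such as `'abc'` depends on the PHP version's string-to-number comparison rules, which is one more reason to validate the type explicitly rather than rely on loose comparison.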
